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Field of the Invention 

The present invention relates to apparatus and method for the transfer of 
a digital video disc (DVD) key for the decoding of encrypted, compressed DVD 
data to an attached device from a computer system or from an electronic display 
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controller and more particularly for the transfer of such a key to an attached 
display device. 

Background of the Invention 

Within the past decade, the advent of world-wide electronic 
communications systems has enhanced the way in which people can send and 
receive information. In particular, the capabilities of real-time video and audio 
systems have greatly improved in recent years. In order to provide services such 
as video-on-demand, video conferencing, and digital video disc (DVD) motion 
pictures, an enormous amount of bandwidth is required. In fact, bandwidth is 
often the main inhibitor in the effectiveness of such systems. 

In order to overcome the constraints imposed by existing technology, 
compression systems have emerged. These systems reduce the amount of 
video and audio data which must be transmitted by removing redundancy in the 
picture sequence. At the receiving end, the picture sequence is decompressed 
and may be displayed in real time. 

One example of an emerging video compression standard is the Moving 
Picture Experts Group ("MPEG") standard. Within the MPEG standard, video 
compression is defined both within a picture and between pictures. Video 
compression within a picture is accomplished by conversion of the digital image 
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from the time domain to the frequency domain by a discrete cosine transform, 
quantization, variable length coding, and Huffman coding. Video compression 
between pictures is accomplished via a process referred to as "motion 
estimation", in which a motion vector plus difference data is used to describe the 
translation of a set of picture elements from one picture to another. The ISO 
MPEG2 standard specifies only the syntax of bitstream and semantics of the 
decoding process. The particular choice of coding parameters and tradeoffs in 
performance versus complexity is left to the system developers. 

Digital Versatile Disc (DVD) is an emerging technology which due to its 
nature, requires extensive encryption in order to protect the data, such as a 
motion picture, against unauthorized copying. 

DVD is a specification for the content of video, audio and other 
compressed data to be used as playback video, audio and, for example, subtitle 
data by a DVD decoder. The DVD video data is specified in the Moving Picture 
Experts Group (MPEG) standard (ISO/IEC 13818-2). As well as being 
represented by this standard, the data is also encrypted using the industry's 
Content Scrambling System (CSS), which produces an encrypted, encoded data 
stream for DVD playback. The data stream can be decrypted by hardware 
licensed to perform CSS decryption. Conventionally, CSS decryption occurs at 
a PCI card, which also conventionally includes MPEG decompression of the 
encrypted, encoded data signal. The decoded video signal is then transferred 
to a display device unencrypted. This means that it may be possible to attach 
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a video storage device to the display interface so that it is able to store a copy 
of the decoded video data signal. 

The present invention is directed in one particular aspect to improving 
upon this conventional DVD processing of the encrypted, encoded data stream. 

Summary of the Invention 

Accordingly, the present invention provides apparatus for processing an 
encrypted data stream within a computer system adapted to receive the 
encrypted data stream from a data storage device, the apparatus comprising: a 
data output device coupled to said computer system and having a plurality of 
data output areas; means for transferring said encrypted data stream from said 
data storage device to said data output device, said encrypted data stream being 
for output to one of said plurality of data output areas; and decryption means 
associated with said data output device for receiving said encrypted data stream 
and for decrypting said encrypted data stream to produce a clear data stream for 
output to one of said plurality of data output areas, wherein said decryption 
means receives a decryption key from said computer system, said decryption key 
relating only to said encrypted data stream associated with said one of said 
plurality of data output areas. 
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Having the decryption means associated with the data output device 
means that the DVD data stream is transferred line by line over a Digital Video 
Interface in an encoded format. This means that it is not possible to attach a 
video storage device to the display interface in order to store a copy of the video 
data signal as the signal is encoded at this point. 

Preferably, data associated with the one of said plurality of data output 
areas is not output if the decryption key associated with the one of said plurality 
of data output areas is not received; and data associated with others of said 
plurality of data output areas is output independent of the receipt or non-receipt 
of the decryption key associated with the one of said plurality of data output 
areas. 

The decryption key relates only to the encrypted data stream which is to 
be output to the one of the data output areas. In the event that the decryption 
key is not received, others of the data output areas will be displayed on the data 
output device. For example, the desktop image will always be displayed, since 
there is no decryption key associated with the desktop image. Additionally, any 
data output areas that do not contain DVD data will also always be displayed. 
Another advantage of the decryption key only relating to one of the data output 
areas is that the decoding is within the data output area. This means that the 
start point of the data output area is not fixed as the data output area may be 
located at any point within the entire output area. If a single key is used for the 
entire data output area including the part which is encoded with the DVD key, 
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then it is easier to attack the encrypted data stream as the start position of the 
encrypted data stream is known. Having the start point of the data output area 
in a random position means that it is more difficult to predict the start of DVD data 
and so attacking the encrypted data stream is made more difficult. This allows 
5 the use of a weaker key decode with a decode on a line by line basis. 

Further preferably, data associated with one of said others of said plurality 
of data output areas is an encrypted data stream having a decryption key that 
differs from the decryption key associated with the encrypted data associated 
with the one of said plurality of data output areas. 
10 This allows for the display of more than one encrypted data stream in 

5 separate data output areas of the data output device, each of the encrypted data 

W streams being separately controlled by a different decryption key. 

m In a preferred embodiment, data associated with others of said plurality 

fri 

ijj of data output areas is an unencrypted data stream having no decryption key. 

% This allows the use of a background image on the data output device, the 

3 

O background image not requiring, nor being encrypted. The unencrypted data 

iff 

stream may also be a conventional output displayed on the data output device 
5 that does not require, nor is encrypted. 

J3 In a further preferred embodiment, said decryption key contains an 

20 indication of the number of data output areas associated with the data output 

device which output encrypted data. 
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The invention also provides a method for processing an encrypted data 
stream within a computer system comprising the steps of: receiving an encrypted 
data stream from a data storage device; transferring said encrypted data stream 
from said data storage device to a data output device having a plurality of data 
output areas, said encrypted data stream being for output to one of said plurality 
of data output areas; receiving a decryption key in said data output device, said 
decryption key relating only to said encrypted data stream associated with said 
one of said plurality of data output areas; decrypting, in said data output device, 
said encrypted data stream to produce a clear data stream for output to one of 
said plurality of data output areas. 
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Brief Description of the Drawings 



Embodiments of the invention will now be described, by way of example, 
with reference to the accompanying drawings, in which: 

Figure 1 depicts one embodiment of a computer system employing 
decryption apparatus in accordance with the present invention; 

Figure 2 is a typical screen image taken from the display of figure 1 ; 

Figure 3 is a representation of one embodiment of DVD disc data decode 
key in accordance with the present invention; and 

Figure 4 is a block diagram of one embodiment of the digital decoder of 
figure 1 in accordance with the present invention. 

Detailed Description of Preferred Embodiments of the Invention 

Referring firstly to figure 1, one embodiment of a computer system 
employing apparatus in accordance with the present invention is shown. 

The invention will now be described with reference to a computing system 
100 as illustrated in figure 1 . The invention may also be used with other suitable 
hardware systems such as a laptop or a notepad computing system. Computing 
system 1 00 includes any suitable central processing unit 1 1 0, such as a standard 
microprocessor and any number of other objects interconnected via system bus 
112. For the purposes of illustration, computing system 1 00 includes memory, 
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such as Read Only Memory (ROM) 116, Random Access Memory (RAM) 114 
and peripheral memory devices, for example, disk or tape drives 1 20, connected 
to system bus 1 12 via I/O adapter 118. Computing system 100 further includes 
a display adapter 136 for connecting system bus 1 12 to a display device 138. 
Also, user interface adapter 122 could connect system bus 112 to other user 
controls, such as keyboard 124, speaker 128, mouse 126 and a touch-sensitive 
pad (not shown). Computing system 100 further includes a DVD drive 130 for 
the retrieval of computer data and in particular, for the retrieval of movie data 
used to display films on a display 138 attached to the computing system 100. 

Display device 138 incorporates a decoder/decompressor for data such 
as movie data originating from the DVD drive 1 30. Encrypted DVD data from the 
DVD drive 130 is transferred via system bus 112 to display adapter 136. The 
DVD data remains encrypted on the system bus 112, and is decrypted in the 
display adapter 136. The portion of the DVD data which is to be displayed in the 
DVD window on the display 138 is encrypted in digital encoder 144 for 
transmission to the display 138 over an interface 140. 

Display 138 incorporates a decoder/decompressor 142, which receives 
the encrypted data from the interface 140 for display in a DVD window. The 
decoder/decompressor 1 42 also receives DVD decode keys for any windows of 
the desktop in which encoded DVD data is being displayed. 

Referring to figure 2, a typical screen image 200 is shown as it appears 
on the display 1 38 of figure 1 . The screen image 200 has a background 204 with 
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data which is not in a DVD format and is not encoded appearing in a window 
202. The background 204 and this data are correctly displayed in window 202 
regardless of whether any DVD decode keys have been transmitted from the 
computing system 1 00 to the display 1 38 or not. Screen image 200 also contains 
two windows 206, 208 in which are displayed DVD data. The data in these 
windows 206, 208 is not displayed unless correct DVD decode keys for each of 
the windows 206, 208 has been transmitted from the computing system 100 to 
the display 1 38. Each of the windows 206, 208 has a separate key and data may 
be displayed in one window 206, but not the other 208 in the event that the key 
for that window 206 is received, but the key for the other window 208 is not 
received. A fresh key is sent for each frame of the displayed image. 

Referring to figure 3, which shows one embodiment of a DVD disc data 
decode key in accordance with the present invention. The first field of the 
decode key contains the 4 bit number of DVD windows presently displayed on 
the display 1 38. The second field of the decode key contains the 64 bit DES key 
used to decode the DVD data. The third field contains the 16 bit X pixel start 
address and the 16 bit Y pixel start address of the window. The fourth field 
contains the 1 6 bit X pixel length, giving the size in the X dimension of the DVD 
window. The fifth field contains the 16 bit Y pixel length, giving the size in the Y 
dimension of the DVD window. The second to fifth fields are then repeated for 
each of the DVD windows until data for all of the DVD windows represented by 
the 4 bit number of DVD windows in the first field has been included. 
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Referring now to figure 4, which is a block diagram of one embodiment of 
the digital decoder of figure 1 . 

Display 1 38 incorporates a decoder 441 and a decompressor 442, which 
receives the encrypted DVD data from the interface 140. The 
decoder/decompressor 1 42 also receives DVD decode keys for any windows to 
be displayed on the display in which encoded DVD data is to be displayed. X 
address counter 444 is clocked by a pixel clock recovered from digital decoder 
441 . Y address counter 445 is clocked by a recovered data good signal or a 
horizontal synchronisation signal from digital decoder 441 . X length register 446, 
Y length register 447, X start register 449 and Y start register 450 are loaded 
during the vertical synchronisation signal active period. 

X address comparator 451 compares whether the contents of the X 
address counter 444 are greater than or equal to the X start register 449. Y 
address comparator 452 compares whether the contents of the Y address 
counter 445 are greater than or equal to the Y start register 450. These 
comparators provide a signal to AND gates 457, 458 that indicates that the 
current addresses in the X address counter 444 and the Y address counter 445 
are such that they fall at or beyond the start of the window, that is, on a 
conventional display screen having addresses starting at the top left of the 
screen, that the current position is below and to the right of the top left corner of 
the window. 
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X Adder 453 adds the contents of the X Start register 449 to the contents 
of the X length register 446. Y Adder 454 adds the contents of the Y Start 
register 450 to the contents of the Y length register 447. X end comparator 455 
compares whether the contents of the X address counter 444 are less than or 
equal to the output of the X Adder 453. Y end comparator 456 compares 
whether the contents of the Y address counter 445 are less than or equal to the 
output of the Y Adder 454. These comparators provide a signal to AND gates 
457, 458 that indicates that the current addresses in the X address counter 444 
and the Y address counter 445 are such that they fall at or before the end of the 
window, that is, on a conventional display screen having addresses starting at 
the top left of the screen, that the current position is above and to the left of the 
bottom right corner of the window. AND Gates 457, 458 together with AND gate 
459 provide a signal that indicates that the current X counter 444 contents and 
the current Y counter 445 contents fail within the bounds of the displayed 
window. 

DVD output multiplexer 460 receives a screen refresh data signal from 
digital decoder 441 and a decoded DVD data signal from DVD de-encryption 
442. DVD output multiplexer 460 is switched between these two signals by the 
output of AND gate 459, which represents that the current X counter 444 
contents and the current Y counter 445 contents fall within the bounds of the 
displayed window. The output from the DVD output multiplexer 460 is the 
decrypted DVD data when the current X counter 444 contents and the current Y 
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counter 445 contents fail within the bounds of the displayed window and the data 
from the digital decoder 441 when the current X counter 444 contents and the 
current Y counter 445 contents do not fall within the bounds of the displayed 
window. The output from the DVD output multiplexer 460 is sent to the display 
138. The DVD de-encryption is enabled when any one of the comparators 451 , 
452, 455 and 456 is in a true state. 

In an embodiment where there are multiple windows on the display 138 
in which DVD data is being displayed, the items having reference numerals 442 
to 460 are repeated for each of the windows displaying DVD data. 

Although the above embodiment has been described with respect to a 
display 138, the present invention is equally applicable to other types of data 
output device, for example, a printer which produces a screen print of the output 
of the display. 

The usage of the decode key for each of the windows will now be 
described. 

1 . At the start of each frame, a decode key such as that of figure 3 is sent 
over interface 140 from the computing system 100 to the display 
decoder/decompressor 142. The decode key is combined with an AKE Key 462 
and is used to decode the screen location of each window having DVD data 
displayed within it. The X Start register 449, Y Start register 450, X Length 
register 446 and Y Length register 447 are each loaded with the encoded data 
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value and are then de-encrypted and the register reloaded with the de-encrypted 
value. 

2. During each frame, video data in conventional format is transmitted over 
interface 140 from the computing system 100 to the display device 138. The 
video data corresponding to windows containing DVD data is transmitted over 
interface 140 in encrypted form. 

3. When data corresponding to the windows containing DVD data is to be 
displayed, the decoder/decompressor 142 decodes/decompresses the data for 
display on the computer display 1 38, the DVD output being enabled by AND gate 
159 which switches the data flow via DVD output multiplexer 160. 

While the preferred embodiments have been described here in detail, it 
will be clear to those skilled in the art that many variants are possible without 
departing from the spirit and scope of the present invention. In particular, the 
preferred embodiments have been described in terms of a display device, 
whereas the present invention may also be advantageously applied to systems 
comprising other types of devices, such as printing devices. Equally, the 
invention should not be seen as limited to the particular architectures and 
protocols described in the preferred embodiments, as those skilled in the art will 
readily see that the invention may advantageously be applied in systems having 
other architectures and protocols. 
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